<?php
$_GET		=	_auto_filter_param($_GET);
$_POST		=	_auto_filter_param($_POST);
$_COOKIE	=	_auto_filter_param($_COOKIE);
$_REQUEST	=	_auto_filter_param($_REQUEST);

$_GET		=	_auto_filter_keys($_GET);
$_POST		=	_auto_filter_keys($_POST);
$_COOKIE	=	_auto_filter_keys($_COOKIE);
$_REQUEST	=	_auto_filter_keys($_REQUEST);

// var_dump($_GET);

function _auto_filter_param(&$arr,$name='') {
	if (is_array($arr) && isset($arr[$name])) {
		$str	=	&$arr["$name"];
	}elseif (isset($arr) && empty($name)) {
		$str	=	$arr;
	}else {
		return '';
	}
	if (is_array($str)) {
		foreach ($str as $key=>$element) {
			_auto_filter_param($str,$key);
		}
	}
	if (!is_array($str)) {
		$str =  _auto_filter_func($str);
	}// if end
	return $str;
}

function _auto_filter_keys($arr){
	if(is_array($arr) && !empty($arr)){
		foreach($arr as $key=>$val){
			if(preg_match('/[\W+]/',$key)){
				unset($arr[$key]);
			}
		}
	}
	return $arr;
}

function _auto_filter_func($str) {
		//需匹配的字符
		$filter_arr	=	array(chr(0x01), chr(0x02), chr(0x03), chr(0x04), chr(0x05), chr(0x06), chr(0x07), chr(0x08), chr(0x09), chr(0x10), chr(0x11), chr(0x12), chr(0x13), chr(0x14), chr(0x15), chr(0x16), chr(0x17), chr(0x18), chr(0x19), chr(0x20), '+', '%',);
		//$filter_arr	=	array('%s', '+', '%');
		
		//需过滤的关键字
		$key_arr	=	array(
								'next'	=>	array('select', 'update', 'delete', 'insert', 'drop', 'outfile'),	//匹配字符必须在该关键字后有一个或多个
								'pre'	=>	array(),	//匹配字符必须在该关键字前有一个或多个
								'all'	=>	array('order', 'group', 'union', 'and'),	//匹配字符必须在该关键词前后有出现
								'func'	=>	array('char', 'cast', 'unicode', 'ascii', 'load_file', 'outfile', 'substr', 'substring', 'count', 'CONCAT_WS', 'concat'),	//内置函数关键字，后面跟括号，单引号或双引号的
							);
		
		//关键字分隔符
		$key_split_arr	=	array(	'%',	);
		
		//开始过滤
		//生成正则匹配字符串
		$ereg	=	'[' . chr(0x5c) . implode('|' . chr(0x5c), $filter_arr) . ']';
		//$key_ereg	=	'[' . chr(0x5c) . implode('|' . chr(0x5c), $key_split_arr) . ']';
		
		//循环过滤
		foreach($key_arr as $key => $key_value){
			foreach($key_value as $k_key => $value){
				
				/*拆分关键字，过滤关键中的特殊分隔符
				$t	=	array();
				$l	=	strlen($value);
				for($i = 0; $i < $l; $i++){
					$t[]	=	substr($value, $i, 1);
				}
				
				if (!empty($t)){
					$n_ereg	=	'(' . $key_ereg . '{0,}' . implode($key_ereg . '{0,})(', $t) . $key_ereg . '{0,})';
				}
				*/
				
				//按关键字规则过滤
				switch($key){
					case 'next':
						$str	=	preg_replace('/'.$ereg . '{0,}' . $value . $ereg . '{1,}/i', '[' . $value . ']', $str);
						break;
					case 'pre':
						$str	=	preg_replace('/'.$ereg . '{1,}' . $value . $ereg . '{0,}/i', '[' . $value . ']', $str);
						break;
					case 'all':
						$str	=	preg_replace('/'.$ereg . '{1,}' . $value . $ereg . '{1,}/i', '[' . $value . ']', $str);
						break;
					case 'func':
						$str	=	preg_replace('/'.$ereg . '{1,}' . $value . '[\"|\'|(]/i', '[' . $value . ']', $str);
						break;
				}
				
				//过滤关键字分隔符(此过滤暂不完善，会有杀错，目前不使用)
				//$str	=	eregi_replace($n_ereg, '[' . $value . ']', $str);
			}
		}
		
		//过滤/**/，把半角*换成全角＊
		$str	=	str_replace('*', '＊', $str);
		
		//过滤%，把半角%换成全角％
		$str	=	str_replace('%', '％', $str);
		
		//过滤单引号，把半角'换成中文’
		$str	=	str_replace("'", "’", $str);
		$str	=	str_replace('"', '”', $str);

		//过滤%，把半角%换成全角％
		
		$str 	= 	urlencode($str);
		$str 	=	str_replace('%0A', '％0a', $str);
		$str 	=	str_replace('%0a', '％0a', $str);
		$str 	=	str_replace('%0D', '％0d', $str);
		$str 	=	str_replace('%0d', '％0d', $str);
		$str 	=	urldecode($str);
		$str = trim($str);
		return $str;
}
